The opinion of the court was delivered by: Honorablelarryalanburns United States District Judge
ORDER GRANTING MOTION TO DISMISS WITHOUT PREJUDICE AND STAYING CASE
This is a dispute between two companies in the freight business. Platinum Logistics alleges that Melissa Ysais, a former sales manager, jumped ship to Mainfreight and took Platinum Logistics' customer lists and rate sheets with her, in violation of a binding nondisclosure and non-compete agreement. Platinum Logistics filed in federal court because one of its claims arises under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq. The question now before the Court, raised by Defendants in their motion to dismiss, is whether Platinum Logistics has stated a CFAA claim. If it has not, there is no basis for the Court to retain jurisdiction of this case.
The CFAA is a criminal statute. It prohibits "a number of different computer crimes, the majority of which involve accessing computers without authorization or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to damaging a computer or computer data." LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1131 (9th Cir. 2009). Those crimes include:
* "intentionally access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain[ing] . . . information from any protected computer." 18 U.S.C. § 1030(a)(2).
* "knowingly and with intent to defraud, access[ing] a protected computer without authorization, or exceed[ing] authorized access, and by means of such conduct further[ing] the intended fraud and obtain[ing] anything of value . . . ." 18 U.S.C. § 1030(a)(4).
* "intentionally access[ing] a protected computer without authorization, and as a result of such conduct, caus[ing] damage and loss." 18 U.S.C. § 1030(a)(5)(C).
It is unclear to the Court which provision of CFAA Platinum Logistics believes Ysais has violated. (Mainfreight is not accused of violating CFAA.) In its complaint, under the heading "First Cause of Action," it cites 18 U.S.C. § 1030 as a whole, but in its particular allegations it cites only § 1030(a)(5)(C). (See Compl. ¶ 22.) Its opposition brief lends no clarification. (Opp'n Br. at 2--4.)
This is a critical point. Section 1030(a)(5)(C) only prohibits the access of a computer "without authorization," which the Ninth Circuit in Brekka interpreted to mean access "without any permission at all." Brekka, 581 F.3d at 1133. It was quite clear:
[W]e hold that a person uses a computer 'without authorization' under §§ 1030(a)(2) and (4) when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone's computer without any permission), or when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.
Id. at 1135. Other courts have interpreted the CFAA more broadly, but this interpretation still controls in the Ninth Circuit. See United States v. Zhang, 2010 WL 4807098 at *2 (N.D. Cal. Nov. 19, 2010). Because Platinum Logistics concedes that Ysais had full access, in the course of her employment, to its customer lists and rate sheets, it simply cannot claim that she used a computer "without authorization" and is liable under § 1030(a)(5)(C) of CFAA. (See Compl. ¶¶ 10, 31.)
The analysis is more complicated if Platinum Logistics is also alleging that Ysais violated §§ 1030(a)(2) or (a)(4) (or both), which cover not only access "without authorization" but also exceeding access that is authorized. Building on Brekka, the Ninth Circuit tackled the meaning of "exceeds authorized access" in §§ 1030(a)(2) and (a)(4) in United States v. Nosal, 642 F.3d 781 (9th Cir. 2011). It held that "an employee 'exceeds authorized access' under § 1030 when he or she violates the employer's computer access restrictions-including use restrictions." Id. at 785. It concluded:
Today, we clarify that under the CFAA, an employee accesses a computer in excess of his or her authorization when that access violates the employer's access restrictions, which may include restrictions on the employee's use of the ...